all InfoSec news
Igor’s Tip of the Week #157: Removing function arguments in decompiler
Malware Analysis, News and Indicators - Latest topics malware.news
When you need to change the prototype of a function in the decompiler, the standard way is to use the “Set item type…” action (shortcut Y).
One case where you may need to do it is to add or remove arguments. Especially in embedded code or when decompiling variadic functions, the decompiler may deduce the argument list wrongly. A good test for bogus arguments is to check whether they’re referenced in the function’s body. For this, use “Jump to xref” …
action case change code decompiler decompiling embedded function malware analysis may prototype remove standard week